From 139ef584ce6999d05dde282977b10307fe941cca Mon Sep 17 00:00:00 2001 From: Shuran Huang <89418275+shuranhuang@users.noreply.github.com> Date: Mon, 21 Aug 2023 05:55:59 -0400 Subject: [PATCH] Let `document.hasStorageAccess` check whether the Document already has unpartitioned data access (#174) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit tries to make hSA match the description in the spec that “This specification defines a method to query whether or not a Document currently has access to its unpartitioned data (hasStorageAccess()) …” by including a check of whether the user agent allows the document to access unpartitioned data based on user settings. Fixes #171 --------- Co-authored-by: Johann Hofmann --- storage-access.bs | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/storage-access.bs b/storage-access.bs index cbd4578..db9eef4 100644 --- a/storage-access.bs +++ b/storage-access.bs 
@@ -156,13 +156,34 @@ When invoked on {{Document}} |doc|, the ha 1. If |doc|'s [=Document/origin=] is an [=opaque origin=], [=/resolve=] |p| with false and return |p|. 1. Let |global| be |doc|'s [=relevant global object=]. 1. If |global| is not a [=secure context=], then [=/resolve=] |p| with false and return |p|. -1. If |doc|'s [=Document/browsing context=] is a [=top-level browsing context=], [=/resolve=] |p| with true and return |p|. 1. If the [=top-level origin=] of |doc|'s [=relevant settings object=] is an [=opaque origin=], [=/resolve=] |p| with false and return |p|. -1. If |doc| is same authority with |doc|'s [=Document/browsing context=]'s [=top-level browsing context=]'s [=active document=], [=/resolve=] |p| with true and return |p|. - - ISSUE: "same authority" here is a placeholder for a future concept that allows user agents to perform [=same site=] checks while adhering to additional security aspects such as the presence of a cross-site parent document, see [whatwg/storage#142](https://github.com/whatwg/storage/issues/142#issuecomment-1122147159). In practice, this might involve comparing the [=site for cookies=] or performing a [=same site=] check with the top-level document. - -1. [=Queue a global task=] on the [=permissions task source=] given |global| to [=/resolve=] |p| with |global|'s [=environment/has storage access=]. +1. Let |browsingContext| be |doc|'s [=Document/browsing context=]. +1. Let |topLevelSite| be the result of [=obtain a site|obtaining a site=] from the [=top-level origin=] of |doc|'s [=relevant settings object=]. +1. Let |embeddedSite| be the result of [=obtain a site|obtaining a site=] from |doc|'s [=Document/origin=]. +1. Run the following steps [=in parallel=]: + 1. Let |whether the user agent explicitly allows unpartitioned cookie access| be an algorithm that, given a [=tuple=] |tuple| consisting of two [=sites=], runs the following steps. This algorithm returns "`none`", "`allow`" or "`disallow`". 
+ + Note: A user agent's settings might explicitly allow or disallow unpartitioned cookie access through per-site allow-lists, the user changing global browser settings, or similar custom overrides. + + 1. If the user agent does not have explicit settings for unpartitioned cookie access for |tuple|, return "`none`". + 1. If the user agent's settings explicitly allow unpartitioned cookie access for |tuple|, return "`allow`". + 1. If the user agent's settings explicitly disallow unpartitioned cookie access for |tuple|, return "`disallow`". + 1. Let |explicitSetting| be the result of determining |whether the user agent explicitly allows unpartitioned cookie access| with (|topLevelSite|, |embeddedSite|). + 1. [=Queue a global task=] on the [=permissions task source=] given |global| to: + 1. If |explicitSetting| is "`disallow`", [=/resolve=] |p| with false. + 1. If |explicitSetting| is "`allow`", [=/resolve=] |p| with true. + 1. If |explicitSetting| is "`none`": + 1. If |browsingContext| is a [=top-level browsing context=], [=/resolve=] |p| with true. + 1. If |browsingContext| is same authority with |browsingContext|'s [=top-level browsing context=]'s [=active document=], [=/resolve=] |p| with true. + + ISSUE: "same authority" here is a placeholder for a future concept that allows user agents to perform [=same site=] checks while adhering to additional security aspects such as the presence of a cross-site parent document, see [whatwg/storage#142](https://github.com/whatwg/storage/issues/142#issuecomment-1122147159). In practice, this might involve comparing the [=site for cookies=] or performing a [=same site=] check with the top-level document. + + 1. Let |permissionState| be the result of [=getting the current permission state=] given "storage-access" and |global|. + 1. If |permissionState| is [=permission/granted=], [=/resolve=] |p| with |global|'s [=environment/has storage access=]. 
+ + Note: The global storage access permission state takes precedence over the local [=environment/has storage access=] flag here, in order to immediately reflect a possible user choice to revoke the permission in their settings. + + 1. [=/Resolve=] |p| with false. 1. Return |p|. When invoked on {{Document}} |doc|, the requestStorageAccess() method must run these steps:
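Review bot: the steps inside the queued task never stop after resolving |p|, so in the "`none`" branch a top-level or same-authority document resolves |p| with true and then falls through to `1. [=/Resolve=] |p| with false.`; this only works because a promise's resolve function is one-shot, and the surrounding algorithm's own convention is "[=/resolve=] |p| with false and return |p|", so each resolve inside the task should end with "and abort these steps". Also, the rewritten same-authority step now compares |browsingContext| against the top-level [=active document=], whereas the removed line compared |doc|; since the ISSUE text describes the placeholder as a [=same site=] check with the top-level document, the subject should remain |doc|. Finally, please confirm in the commit message or a Note that a "`disallow`" setting for (|topLevelSite|, |embeddedSite|) is intended to resolve |p| with false even when |browsingContext| is a [=top-level browsing context=], because the explicit-setting check now runs ahead of the top-level short-circuit that the removed line applied unconditionally.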